Add ability to hide notifications when authProvider.checAuth() fails

fzaninotto · fzaninotto · commit 1be288a410c0 · 2020-10-11T23:04:10.000+02:00
Closes #5377
diff --git a/docs/Authentication.md b/docs/Authentication.md
@@ -182,9 +182,11 @@ Note that the `authProvider.logout()` method can return the url to which the use
 
 If the API requires authentication, and the user credentials are missing in the request or invalid, the API usually answers with an HTTP error code 401 or 403.
 
-Fortunately, each time the API returns an error, react-admin calls the `authProvider.checkError()` method. Once again, it's up to you to decide which HTTP status codes should let the user continue (by returning a resolved promise) or log them out (by returning a rejected promise).
+Fortunately, each time the API returns an error, react-admin calls the `authProvider.checkError()` method. When `checkError()` returns a rejected promise, react-admin calls the `authProvider.logout()` method.
 
-For instance, to redirect the user to the login page for both 401 and 403 codes:
+So it's up to you to decide which HTTP status codes should let the user continue (by returning a resolved promise) or log them out (by returning a rejected promise).
+
+For instance, to log the user out for both 401 and 403 codes:
 
 ```js
 // in src/authProvider.js
@@ -198,13 +200,54 @@ export default {
             localStorage.removeItem('auth');
             return Promise.reject();
         }
+        // other error code (404, 500, etc): no need to log out
+        return Promise.resolve();
+    },
+    // ...
+};
+```
+
+When `authProvider.checkError()` returns a rejected Promise, react-admin redirects to the `/login` page, or to the `error.redirectTo` url. That means you can override the default redirection as follows:
+
+```js
+// in src/authProvider.js
+export default {
+    login: ({ username, password }) => { /* ... */ },
+    getIdentity: () => { /* ... */ },
+    logout: () => { /* ... */ },
+    checkError: (error) => {
+        const status = error.status;
+        if (status === 401 || status === 403) {
+            localStorage.removeItem('auth');
+            return Promise.reject({ redirectTo: '/credentials-required' });
+        }
+        // other error code (404, 500, etc): no need to log out
         return Promise.resolve();
     },
     // ...
 };
 ```
 
-Note that when `checkError()` returns a rejected promise, react-admin calls the `authProvider.logout()` method before redirecting, and uses the url which may have been returned by the call to `logout()`.
+When `authProvider.checkError()` returns a rejected Promise, react-admin displays a notification to the end user, unlsee the `error.message` is `false`. That means you can disable the notification on error as follows:
+
+```js
+// in src/authProvider.js
+export default {
+    login: ({ username, password }) => { /* ... */ },
+    getIdentity: () => { /* ... */ },
+    logout: () => { /* ... */ },
+    checkError: (error) => {
+        const status = error.status;
+        if (status === 401 || status === 403) {
+            localStorage.removeItem('auth');
+            return Promise.reject({ message: false });
+        }
+        // other error code (404, 500, etc): no need to log out
+        return Promise.resolve();
+    },
+    // ...
+};
+```
 
 ## Checking Credentials During Navigation
 
@@ -246,6 +289,38 @@ export default {
 
 Note that react-admin will call the `authProvider.logout()` method before redirecting. If you specify the `redirectTo` here, it will override the url which may have been returned by the call to `logout()`.
 
+If the promise is rejected, react-admin displays a notification to the end user. You can customize this message by rejecting an error with a `message` property:
+
+```js
+// in src/authProvider.js
+export default {
+    login: ({ username, password }) => { /* ... */ },
+    getIdentity: () => { /* ... */ },
+    logout: () => { /* ... */ },
+    checkError: (error) => { /* ... */ },
+    checkAuth: () => localStorage.getItem('auth')
+        ? Promise.resolve()
+        : Promise.reject({ message: 'login.required' }), // react-admin passes the error message to the translation layer
+    // ...
+}
+```
+
+You can also disable this notification completely by rejecting an error with a `message` with a `false` value:
+
+```js
+// in src/authProvider.js
+export default {
+    login: ({ username, password }) => { /* ... */ },
+    getIdentity: () => { /* ... */ },
+    logout: () => { /* ... */ },
+    checkError: (error) => { /* ... */ },
+    checkAuth: () => localStorage.getItem('auth')
+        ? Promise.resolve()
+        : Promise.reject({ message: false }),
+    // ...
+}
+```
+
 **Tip**: In addition to `login()`, `logout()`, `checkError()`, and `checkAuth()`, react-admin calls the `authProvider.getPermissions()` method to check user permissions. It's useful to enable or disable features on a per user basis. Read the [Authorization Documentation](./Authorization.md) to learn how to implement that type.
 
 ## Customizing The Login and Logout Components
diff --git a/packages/ra-core/src/auth/useCheckAuth.spec.tsx b/packages/ra-core/src/auth/useCheckAuth.spec.tsx
@@ -113,4 +113,21 @@ describe('useCheckAuth', () => {
         expect(notify).toHaveBeenCalledTimes(0);
         expect(queryByText('authenticated')).toBeNull();
     });
+
+    it('should logout whitout showing a notification when authProvider returns error with message false', async () => {
+        const { queryByText } = render(
+            <AuthContext.Provider
+                value={{
+                    ...authProvider,
+                    checkAuth: () => Promise.reject({ message: false }),
+                }}
+            >
+                <TestComponent />
+            </AuthContext.Provider>
+        );
+        await wait();
+        expect(logout).toHaveBeenCalledTimes(1);
+        expect(notify).toHaveBeenCalledTimes(0);
+        expect(queryByText('authenticated')).toBeNull();
+    });
 });
diff --git a/packages/ra-core/src/auth/useCheckAuth.ts b/packages/ra-core/src/auth/useCheckAuth.ts
@@ -60,7 +60,10 @@ const useCheckAuth = (): CheckAuth => {
                             ? error.redirectTo
                             : redirectTo
                     );
-                    !disableNotification &&
+                    const shouldSkipNotify =
+                        disableNotification ||
+                        (error && error.message === false);
+                    !shouldSkipNotify &&
                         notify(
                             getErrorMessage(error, 'ra.auth.auth_check_error'),
                             'warning'
@@ -91,6 +94,7 @@ type CheckAuth = (
     params?: any,
     logoutOnFailure?: boolean,
     redirectTo?: string,
+    /** @deprecated to disable the notification, authProvider.checkAuth() should return an object with an error property set to true */
     disableNotification?: boolean
 ) => Promise<any>;
 
diff --git a/packages/ra-core/src/auth/useLogoutIfAccessDenied.spec.tsx b/packages/ra-core/src/auth/useLogoutIfAccessDenied.spec.tsx
@@ -107,7 +107,7 @@ describe('useLogoutIfAccessDenied', () => {
         expect(queryByText('logged in')).toBeNull();
     });
 
-    it('should logout whitout showing a notification', async () => {
+    it('should logout whitout showing a notification if disableAuthentication is true', async () => {
         const { queryByText } = render(
             <AuthContext.Provider value={authProvider}>
                 <TestComponent
@@ -121,4 +121,23 @@ describe('useLogoutIfAccessDenied', () => {
         expect(notify).toHaveBeenCalledTimes(0);
         expect(queryByText('logged in')).toBeNull();
     });
+
+    it('should logout whitout showing a notification if authProvider returns error with message false', async () => {
+        const { queryByText } = render(
+            <AuthContext.Provider
+                value={{
+                    ...authProvider,
+                    checkError: () => {
+                        return Promise.reject({ message: false });
+                    },
+                }}
+            >
+                <TestComponent />
+            </AuthContext.Provider>
+        );
+        await wait();
+        expect(logout).toHaveBeenCalledTimes(1);
+        expect(notify).toHaveBeenCalledTimes(0);
+        expect(queryByText('logged in')).toBeNull();
+    });
 });
diff --git a/packages/ra-core/src/auth/useLogoutIfAccessDenied.ts b/packages/ra-core/src/auth/useLogoutIfAccessDenied.ts
@@ -59,7 +59,11 @@ const useLogoutIfAccessDenied = (): LogoutIfAccessDenied => {
                                 ? error.redirectTo
                                 : undefined;
                         logout({}, redirectTo);
-                        !disableNotification &&
+                        const shouldSkipNotify =
+                            disableNotification ||
+                            (e && e.message === false) ||
+                            (error && error.message === false);
+                        !shouldSkipNotify &&
                             notify('ra.notification.logged_out', 'warning');
                         return true;
                     })
@@ -89,6 +93,7 @@ const logoutIfAccessDeniedWithoutProvider = () => Promise.resolve(false);
  */
 type LogoutIfAccessDenied = (
     error?: any,
+    /** @deprecated to disable the notification, authProvider.checkAuth() should return an object with an error property set to true */
     disableNotification?: boolean
 ) => Promise<boolean>;
 
